Disclosure is in the DNA of HackerOne. We call it Hacktivity and have supported public disclosure workflows of vulnerability reports since the beginning. Default to Disclosure is part of our company values. We live by these values every day, and our platform features around disclosure display how important this is for our team and community.
With over 6,000 reports that have been disclosed on Hacktivity, we’re proud to announce that we’re launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program.
“Within a program” means the report will only be disclosed to other hackers participating in the private program, and not the entire world. This is a big step forward for both programs and hackers and increases everyone’s ability to share and learn from others in the community!
Increase engagement through disclosure
Customers who run public programs have always been able to drive increased engagement in their programs through public disclosure. This latest release extends this benefit to private programs.
Showcasing creative findings triggers other hackers in your program to take a look with a fresh perspective and has proven to result in the discovery of new and related vulnerabilities. During a closed beta test, we saw a disclosure result in two additional previously unknown vulnerabilities from other hackers participating in that same private program.
How do I disclose a report?
Before you can start disclosing reports within a private program, program owners need to opt-in (Settings > Program > Customization > Disclosure) to allow disclosure within their private program. Once set up, it’s as easy as going to the report in the Inbox and requesting disclosure.
The disclosure process is the same as for public programs, the only difference being a report in a private program only gets disclosed to other invited hackers.
To learn more, about our disclosure process have a look at our docs site and begin securely disclosing your private reports today!
We’re always looking for improvements to our platform. Keep an eye on our blog, and please let us know if you have feedback or suggestions.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.